With massive hacking scandals at Equifax, Uber, and other leading companies dominating headlines over the last year, the 2018 USF Law Review Symposium examined legal and non-legal facets of data breaches.

The symposium, “The Epidemic of Data Insecurity,” held on Jan. 26, included panel discussions on data insecurity, preventative measures against attacks, legal recourse for breach victims, and the ethical issues related to retaining digital information. It was co-sponsored by Hanson Bridgett and the California Bar Association’s Internet and Privacy Law Committee.

“The attendees enjoyed hearing the varied expert perspectives on the problem of data insecurity and how best to address it,” said Associate Dean for Academic Affairs and Professor Susan Freiwald, who served as the symposium faculty advisor. “Some students and lawyers came away inspired to practice in the burgeoning area, and all attendees left the symposium better able to protect against and respond to data breach.”

During the panel “Reasons to Care: The Value of Data Security,” Evan LeBon ’13, manager of privacy and assurance and security product counsel at AppDynamics, moderated a discussion between Kate Black, privacy officer and corporate counsel at 23andMe, Joshua de Larios-Heiman ’05, managing director at Data Law, and William Kellermann ’90, electronic discovery and information governance counsel at Hanson Bridgett LLP. The panelists encouraged attorneys and companies to invest in data security before a breach.

“When I work with startups, privacy is one of the first things that I look at,” said de Larios-Heiman. “Privacy and data need to be priorities when coming up with a business plan. You need a privacy plan, you need a data encryption plan — because these breaches are really expensive.”

Kellerman has seen companies fail because of data security issues and worked with startups whose strict privacy hindered their success. “You have to find a balance, and you have to help them get to where they need to be so that they can do something that is good for the company and also good for the customer, within the legal framework that is not always very clear in terms of what your actual responsibility might be,” he said.

Kristine Poplawski, deputy city attorney in the San Francisco City Attorney’s Office, recounted filing the Equifax lawsuit during the “Remedies for Breach: A Primer for Victims” panel. Along with moderator Everett Monroe ’14, an attorney at Hanson Bridgett, and fellow panelist Stacey Schesser, supervising deputy attorney general in the Consumer Law Section — Privacy Unit of the Office of the California Attorney General, they considered data breach from the perspective of the consumer victim, looking at the rights victims have, successes in vindicating those rights, and the barriers to obtaining any recovery.

“This is data that is going to live on the dark web for years and years and years, so that really got our attention,” Poplawski said. “Equifax waited five weeks to post a notice. They should have figured out early on that it was a huge breach.”

The day-long event was put on by the staff of USF Law Review, led by symposium editor Michael J. Choi 3L.